Description

The Lucee web application has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code by using a specially crafted cookie value, thereby compromising the system.

Remediation

Upgrade to the latest version of Lucee

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3004)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26279)

WebLogic CVE-2018-3197 Vulnerability (CVE-2018-3197)

PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-3823)

WebLogic Improper Input Validation Vulnerability (CVE-2020-10693)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities